## Configuração para etherpad.partidopirata.org
server {
  listen 80;
  listen [::]:80;
  server_name pad.partidopirata.org;
  return 307 https://pad.partidopirata.org$request_uri;
}
server {
  listen 80;
  listen [::]:80;
  server_name *.pad.partidopirata.org;
  return 301 http://pad.partidopirata.org$request_uri;
}
## Endereço antigo
server {
  listen 80;
  listen [::]:80;
  server_name etherpad.partidopirata.org;
  return 301 http://pad.partidopirata.org$request_uri;
}
server {
  listen 80;
  listen [::]:80;
  server_name *.etherpad.partidopirata.org;
  return 301 http://pad.partidopirata.org$request_uri;
}

## SSL
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 208.67.220.220 208.67.222.222 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

  server_name pad.partidopirata.org;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://etherpad;
  }
  location ~ /\.ht {
    deny all;
  }
}
## Endereço antigo
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 208.67.220.220 208.67.222.222 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  ssl_certificate /etc/letsencrypt/live/partidopirata.org-0001/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/partidopirata.org-0001/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org-0001/chain.pem;

  server_name etherpad.partidopirata.org;
  return 301 https://pad.partidopirata.org$request_uri;
}

## Tor
server {
  listen 127.0.0.1:42991;
  allow 127.0.0.1;
  deny all;

  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;

  server_name padrw2aemzoggqyf.onion;

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://etherpad;
  }
  location ~ /\.ht {
    deny all;
  }
}

